RE: Network Statistics

From: Allan Jude (937863_at_primus.ca)
Date: 05/14/03

Next message: Allan Jude: "RE: Network Statistics"

Previous message: Diana Eichert: "Re: Which Quad-Ehternet Card to use?"
In reply to: PsYxAkIaS (FreeBSD): "Network Statistics"
Next in thread: PsYxAkIaS (FreeBSD): "Re: Network Statistics"
Reply: PsYxAkIaS (FreeBSD): "Re: Network Statistics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'PsYxAkIaS (FreeBSD)'" <freebsd@psyxakias.com>
Date: Wed, 14 May 2003 11:46:03 -0400

Ipband

It's in the ports tree, it is ment to email you whenever any of your ips
goes over a set limit (300kb/sec)
You can change a bit of code to make it install firewall rules rather
than email you

-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS (FreeBSD)
Sent: Wednesday, May 14, 2003 7:46 AM
To: freebsd-isp@freebsd.org
Subject: Network Statistics

Hey all

I am currently using tcpstat to check if I am getting attacked, tcpdump
to trace the ips and what type of attack and ipfw firewall to block
them. Sometimes trafshow too but on big attacks trafshow isnt helpful.

1. Do you have any other utils than tcpdump to suggest ?

2. I was thinking to make a script to auto-block (via ipfw firewall) any
ip that spends 300 kb/sec for more than 1 minute. Do you know any tools
that may show me which of my ips are getting more than 300 kb/sec? I
hope you got my point

Best Regards
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

Next message: Allan Jude: "RE: Network Statistics"

Previous message: Diana Eichert: "Re: Which Quad-Ehternet Card to use?"
In reply to: PsYxAkIaS (FreeBSD): "Network Statistics"
Next in thread: PsYxAkIaS (FreeBSD): "Re: Network Statistics"
Reply: PsYxAkIaS (FreeBSD): "Re: Network Statistics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IPS, alternative solutions
... they're populated with attack patterns (hopefully in advance of those ... so then why IPS? ... > information on screens and printers, including JPEG image files. ... > - Embedded in Word sent as a MIME encoded mail ...
(Focus-IDS)
RE: need your help about IPS and IDS,thanks
... We run a SOC with IPSes. ... cause a DoS at high bandwidth), you can mitigate the attack without taking ... traditional firewall and IDS vendors try to protect their market shares. ... The main difference in my opinion is that IPS are inline and can therefore ...
(Focus-IDS)
AW: IPS - Cisco vs. McAfee vs. Tippingpoint
... Cisco IPS 4200 Series Sensor ... serious DDoS attack from the customer end. ... A guide to understanding SSL certificates, ...
(Focus-IDS)
Re: IPS, alternative solutions
... >>I think we can all agree that IPS is no replacement for Patch ... including JPEG image files. ... What we have are the following network attack vectors which come to mind ... Embedded in Word sent as a MIME encoded mail ...
(Focus-IDS)
Re: IPS, alternative solutions
... I do not question that an inline IPS can ... the attack happened. ... If you look at IDS in a limited scope of signatures and post faco ...
(Focus-IDS)